Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Efficient Algorithms for Pairing-Based Cryptosystems
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Fault Attack on Pairing-Based Cryptography
IEEE Transactions on Computers
Tate Pairing with Strong Fault Resiliency
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves
Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
On compressible pairings and their computation
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
IEEE Transactions on Information Theory
High-speed software implementation of the optimal ate pairing over Barreto-Naehrig curves
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Faster explicit formulas for computing pairings over ordinary curves
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Side channel analysis of practical pairing implementations: which path is more secure?
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Practical Optical Fault Injection on Secure Microcontrollers
FDTC '11 Proceedings of the 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography
IEEE Transactions on Information Theory
IEEE Transactions on Information Theory
Approach to Pairing Inversions Without Solving Miller Inversion
IEEE Transactions on Information Theory
Electromagnetic Transient Faults Injection on a Hardware and a Software Implementations of AES
FDTC '12 Proceedings of the 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography
The importance of the final exponentiation in pairings when considering fault attacks
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Hi-index | 0.00 |
The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The first step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically difficult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. They solved, if at all, the inversion of the FE in some special 'easy' cases or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using 3 independent faults.